DevHeads.net

Postings by Roger Goh

OT: features / test criteria for email filtering/security product

I'm looking at Votiro, Proofpoint and Israeli email security products
to reduce spam, emails from bad-reputation IPs, and emails with
malicious attachments and URLs.

What are the features/criteria to assess or look out for?

Especially if I'm on O365.

a) can link to Spamhaus, RBLs etc. to get bad-reputation IPs?
b) offers CDR, sandboxing?
c) can claw back malicious emails from users' mailboxes once
sandboxing has completed analysis that an email or attachment
is malicious (Proofpoint has one such product)
d) can withstand email blasting (e.g. 80000/minute)
e) ... help add on ...

OT: Risks & mitigations of allowing an external sender to send to us (with sender 'same domain' as us)

There is an external app server (belonging to our service provider) that we
want to blast emails to a team/department in our organization (email domain
@xyz.com), but these emails will have a sender in the same domain as us,
i.e. @xyz.com.

What are the risks of permitting such a bypass (i.e. disabling "Norelay") in
our MTA (it's MS Exchange), and if we have to permit it, what mitigations can
we put in place?

Roger
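The usual mitigation for the "external host sends as our own domain" exception is to refuse any such message at SMTP time unless it comes from the provider's published addresses, which is exactly what an SPF policy with a hard-fail "-all" expresses. The following is an added example, not part of the original post or any product mentioned on this page: it evaluates a client IP against an SPF-style record and only accepts a message claiming the local domain on SPF pass. The domain xyz.com, the CIDR blocks and the SPF string are constructed assumptions, and the evaluator deliberately handles only ip4/ip6/all mechanisms so that it needs no DNS.

```python
"""Added example (not from the original post): decide whether to accept a
message that arrives on the external listener but claims an @xyz.com sender.

Keep the "no relay from outside" rule and carve out one narrow exception:
the provider's published IP ranges, checked against an SPF-style policy.
The domain, the CIDR blocks and the SPF record below are assumptions.
"""
import ipaddress
import re

# Constructed SPF record for xyz.com. In production this comes from the
# domain's TXT record; it is embedded here so the example runs offline.
# The provider's range (203.0.113.0/24) is an explicit ip4 mechanism;
# "-all" hard-fails every other source.
SPF_RECORD = "v=spf1 ip4:198.51.100.10 ip4:203.0.113.0/24 ip6:2001:db8:10::/48 -all"

LOCAL_DOMAIN = "xyz.com"  # assumed local domain


def parse_spf(record: str):
    """Return a list of (qualifier, network_or_None) from an SPF v1 record.

    Only ip4, ip6 and all are handled; include/a/mx would need DNS and are
    rejected so the policy stays fully local (a limitation of this example).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF v1 record")
    parsed = []
    for term in terms[1:]:
        qual = "+"
        if term[0] in "+-~?":
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            parsed.append((qual, ipaddress.ip_network(arg, strict=False)))
        elif mech == "all":
            parsed.append((qual, None))
        else:
            raise ValueError(f"unsupported mechanism (needs DNS): {mech}")
    return parsed


def spf_result(client_ip: str, record: str) -> str:
    """Evaluate the client IP: pass / fail / softfail / neutral."""
    addr = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for qual, net in parse_spf(record):
        if net is None or (addr.version == net.version and addr in net):
            return results[qual]
    return "neutral"  # nothing matched and there was no "all" term


def sender_domain(mail_from: str) -> str:
    """Extract the domain from an envelope sender such as '<app@xyz.com>'."""
    m = re.fullmatch(r"<?([^<>@\s]+)@([^<>\s]+?)>?", mail_from.strip())
    return m.group(2).lower() if m else ""


def accept_external_submission(client_ip: str, mail_from: str,
                               record: str = SPF_RECORD):
    """Policy for the MX's external listener.

    Senders outside our domain go through the normal inbound anti-spam
    path (returned as accepted here; that path is out of scope). Senders
    that claim our domain are accepted only on SPF pass; anything else is
    refused at SMTP time, so nothing reaches a mailbox.
    """
    if sender_domain(mail_from) != LOCAL_DOMAIN:
        return True, "not our domain: normal inbound handling"
    result = spf_result(client_ip, record)
    if result == "pass":
        return True, f"spf pass for {client_ip}"
    return False, f"spoofed local sender: spf {result} for {client_ip}"


if __name__ == "__main__":
    for ip, env in (("203.0.113.45", "<app@xyz.com>"), ("192.0.2.7", "<ceo@xyz.com>")):
        print(ip, env, accept_external_submission(ip, env))
```

The same idea applies on Exchange without writing code: keep the external receive connector anonymous (no relay), publish the provider's range in SPF and enforce it (or a transport rule that rejects messages from the internet whose sender is the local domain unless the connecting IP is in the provider's range). Add DKIM signing on the provider side if the provider can do it, since an IP allowlist alone is only as trustworthy as the provider's own host.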

How to obtain blacklists IP lists

This may have been raised before:

we received quite a few malicious emails (containing malicious attachments),
and on tracing the senders' IPs (from the 'Internet Headers' of the received
mails) and keying them into one of the services below, noted they are malicious,
and then we manually block them; but by then a couple of hundred of these
emails would have landed in users' mailboxes, some of which have been
opened by users (despite our top-end commercial security product):
http://mxtoolbox.com/blacklists.aspx
http://www.pinpointe.com/blog/how-do-i-know-if-im-on-a-spam-blacklist

Question:
is there any way I
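The manual step described above (read the Received headers, find the connecting IP, paste it into a blocklist lookup) is what DNS-based blocklists automate: the MTA queries the list at SMTP time, before the message is accepted. The following is an added example, not code from the original post or from the listed sites: it extracts the external sender's IP from a constructed message, builds the DNSBL query name, and interprets the answer. The message, the documentation addresses (203.0.113.45, mail.example.org) and the trusted-hop ranges are constructed assumptions about the site.

```python
"""Added example (not from the original post): pull the connecting sender's
IP out of a message's Received headers and check it against a DNS-based
blocklist, which is what the manual lookup does by hand.

The message below is constructed; 203.0.113.45 and mail.example.org are
documentation addresses, and the trusted-hop ranges are an assumption about
the local site (its own MX and the Exchange server behind it).
"""
import ipaddress
import re
import socket
from email import message_from_string
from email.policy import default

# Constructed inbound message, as it would appear under "Internet Headers".
RAW_MESSAGE = """\
Received: from mx1.xyz.com (192.168.5.10) by exch01.xyz.com (192.168.5.20)
 with Microsoft SMTP Server id 14.3.123.3; Tue, 7 Feb 2012 10:21:02 +0800
Received: from mail.example.org (unknown [203.0.113.45])
 by mx1.xyz.com (Postfix) with ESMTP id 1A2B3C4D5E
 for <roger@xyz.com>; Tue, 7 Feb 2012 10:21:01 +0800
Received: from [10.0.0.7] (localhost [127.0.0.1])
 by mail.example.org (Postfix) with ESMTPA id 99887766
From: "Invoice" <billing@example.org>
To: roger@xyz.com
Subject: Invoice attached

see attached
"""

# Hops we operate ourselves. A Received line whose "from" is one of these
# was written by our own server; the first hop outside this set is the
# real external sender. (Assumed ranges for this example.)
TRUSTED_HOPS = [ipaddress.ip_network(n)
                for n in ("192.168.0.0/16", "10.0.0.0/8", "127.0.0.0/8")]

_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def external_sender_ip(raw: str):
    """Walk Received headers top-down (newest first) and return the first
    'from' address that is not one of our own hops, or None."""
    msg = message_from_string(raw, policy=default)
    for hdr in msg.get_all("Received", []):
        text = " ".join(str(hdr).split())
        # Only the "from ..." clause names the connecting client; the
        # "by ..." clause is the receiving server and must be ignored.
        from_clause = text.split(" by ", 1)[0]
        for cand in _IP_RE.findall(from_clause):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:
                continue
            if not any(ip in net for net in TRUSTED_HOPS):
                return str(ip)
    return None


def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNSBLs are queried by reversing the IPv4 octets under the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def classify_dnsbl_answer(answer: str) -> str:
    """Interpret an A-record answer from a Spamhaus-style list.

    127.0.0.x means listed (ZEN uses .2/.3 for SBL/CSS, .4-.7 for XBL,
    .10/.11 for PBL). 127.255.255.x is an error condition (for example a
    blocked open resolver or an exceeded query limit) and must never be
    treated as 'listed', or every sender would be blocked.
    """
    if answer.startswith("127.255.255."):
        return "error"
    if answer.startswith("127.0.0."):
        return "listed"
    return "unexpected"


def lookup(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Live check (needs DNS). NXDOMAIN means the address is not listed."""
    try:
        answer = socket.gethostbyname(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return "not-listed"
    return classify_dnsbl_answer(answer)


if __name__ == "__main__":
    ip = external_sender_ip(RAW_MESSAGE)
    print("external sender:", ip)
    print("query name:", dnsbl_query_name(ip, "zen.spamhaus.org"))
```

Running lookup() against a real list requires a resolver the list accepts (Spamhaus, for instance, refuses queries from public resolvers and returns an error code instead of a listing), which is why classify_dnsbl_answer distinguishes errors from hits. On Postfix the same check is done at SMTP time with reject_rbl_client in smtpd_recipient_restrictions, so the message is refused before it can land in a mailbox.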

sendmail vs postfix : robustness, stability & vulnerabilities

We are using a commercial version of sendmail (refer to sendmail.com)
on RHEL 5.x.

We have seen something like 20000 mails sent to it within 5 minutes, and
it just hung or caused severe delays in delivery.

Q1:
Is postfix (which is now the default SMTP server with RHEL 6.x) more robust,
i.e. can it take bursts of high volumes and handle huge attachments/mails
with faster delivery?

Q2:
In the past VA scans 5-10 years ago, sendmail was always reported as
something that should not be used.

OT: specify relay server in mutt or settings to be done before mutt could work

I have got the firewall rules permitted from our RHEL 5.x
and RHEL 6.x servers to our SMTP relay server (it runs
on RHEL 5.8).

In the past, I recall I had a server where I could just issue
the mutt command below and it would send email out via the
relay server at that site:
mutt -s "Test mail" -a /tmp/file.tar.gz ... at nixdorf dot de < /tmp/mailmessage.txt

Now all servers (at another site) can't send email out.
Do I need to set something on this site's servers, or is
there any way that I could specify the SMTP relay server
in the mutt command?

MUA/Smtp client/script to send mails via a Postfix relay server

Quite desperate, and sorry if this is OT.

I have a Linux RHES 4.5 box that's on the same subnet as my Postfix
box.

Too many TLS sessions : at sender or recipient's end?

All four of us (cccc, iiii, mmm, ppp) suddenly received a notification
email below:

An app from xxxportal.com's postfix server was sending an email to
all four of our mailboxes (in sss.com.au's mail server).

So is the notification below indicating we need to tune TLS at xxxportal.com's
postfix server or at our end's server?

Kindly elaborate the steps to tune/increase the TLS parameter.

Roger

**************************** Notification email ****************************************

The original message was received at Mon, 22 Aug 2011 17:14:02 +0800
from [172.19.21.28]

----- The follo

Automating regular checks that incoming & outgoing mails are still working

There's often a problem with our postfix mail server (that runs Cyrus /
Cyrus-imapd):

I have scripts (using mutt) to send hourly mails out (and from another
postfix server, I can send mails to it).

I need a way/method such that if those hourly test mails were never
sent out or received, I'll be alerted. Let me know the freeware tools and
method to go about doing this?

Will procmail (to verify that mails between the 2 postfix servers arrive at the
mailboxes) be needed?
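The two questions above ("MUA/SMTP client/script to send mails via a Postfix relay server" and this one about alerting when hourly test mails stop arriving) want the same thing: a probe that is sent through the relay, carries a unique token, and a checker that reports whether that token showed up in the receiving mailbox within a deadline. The following is an added example written for this page, not code from the original posts. The relay host relay.xyz.com, the addresses and the sample mbox are constructed assumptions, and the receiving side is assumed to deliver the probe into an mbox file (e.g. via procmail); with Cyrus the checker would instead fetch over IMAP, which is the only part that changes.

```python
"""Added example (not from the original posts): an hourly probe mail with a
unique token, sent via the Postfix relay, plus a checker that looks for the
token in the receiving mailbox and returns a status a cron job can alert on.

The relay host, the addresses and the mbox contents below are assumptions.
"""
import mailbox
import os
import secrets
import smtplib
import tempfile
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime

PROBE_HEADER = "X-Mail-Probe"
RELAY_HOST = "relay.xyz.com"  # assumed; a Postfix relay that lists us in mynetworks


def make_probe(sender: str, recipient: str, token: str, when: datetime) -> EmailMessage:
    """Build the probe. The token is random per run, so an old probe that is
    finally delivered hours late cannot be mistaken for this hour's."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"mail probe {token}"
    msg["Date"] = format_datetime(when)
    msg[PROBE_HEADER] = token
    msg.set_content("Automated round-trip probe; safe to ignore.\n")
    return msg


def send_via_relay(msg: EmailMessage, relay_host: str = RELAY_HOST, port: int = 25) -> None:
    """Hand the probe to the relay over plain SMTP. No authentication is
    assumed: the relay is expected to permit this host by IP."""
    with smtplib.SMTP(relay_host, port, timeout=30) as smtp:
        smtp.send_message(msg)


def probe_status(mbox_path: str, token: str, sent_at: datetime,
                 now: datetime, max_delay_s: int = 900) -> str:
    """Return 'ok' if the token has arrived, 'pending' if it has not but the
    deadline has not passed, and 'missing' once the deadline has passed.
    'missing' is the state that should raise an alert."""
    box = mailbox.mbox(mbox_path)
    try:
        found = any(m.get(PROBE_HEADER) == token for m in box)
    finally:
        box.close()
    if found:
        return "ok"
    if (now - sent_at).total_seconds() > max_delay_s:
        return "missing"
    return "pending"


def demo_mailbox(token: str, sent_at: datetime) -> str:
    """Write a constructed mbox holding one delivered probe; return its path."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    os.close(fd)
    box = mailbox.mbox(path)
    box.add(make_probe("probe@xyz.com", "probe@mail2.xyz.com", token, sent_at))
    box.flush()
    box.close()
    return path


def run_demo():
    """Offline walk-through: one delivered token, one that never arrives."""
    sent = datetime(2012, 2, 7, 9, 0, tzinfo=timezone.utc)
    path = demo_mailbox("tok1", sent)
    try:
        return (
            probe_status(path, "tok1", sent, sent + timedelta(minutes=5)),   # ok
            probe_status(path, "tok2", sent, sent + timedelta(minutes=5)),   # pending
            probe_status(path, "tok2", sent, sent + timedelta(hours=1)),     # missing
        )
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Real use: generate a token, record it with the send time, send through
    # the relay, and have a later cron run call probe_status() on the
    # receiving mailbox and page when it returns "missing".
    token = secrets.token_hex(8)
    print("would send probe", token, "via", RELAY_HOST)
    print(run_demo())
```

Two cron entries cover both directions: one on each postfix server sends a probe to the other and records the token and timestamp; a second job a few minutes later runs the checker against the local delivery mailbox and exits non-zero (or mails an admin via a route that does not depend on the server under test) when the status is "missing". Monitoring that only watches the sending side would miss exactly the failures the post describes, where mails are accepted for delivery but never arrive.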

Tackling looping auto-reply / auto-forward mails

My apologies if this is not the right group to post but I'm
getting desperate.

Currently I have a mailbox (let's refer to it as ... at exchange_pop3 dot com)
hosted in our corporate IS MS Exchange server.

security vulnerability : SMTP daemon supports EHLO

Hi,

During a VA scan, it was reported that my postfix server has
a security vulnerability:

EhloCheck: SMTP daemon supports EHLO

1. How can I disable EHLO and still send/receive mails?

2. Or is there a later version of postfix (let me know the
version) that addresses this or any patch to apply?

3.

Reducing time it takes to set undeliverable mails to MAILER-DAEMON

1) What are the types of emails in the postfix queue that would be set to
MAILER-DAEMON? Is it all undeliverable mails? Or can we add
in extra criteria to set incoming mails to MAILER-DAEMON (and how)?

2) I think it currently takes several hours to set undeliverable mails to
MAILER-DAEMON. Where/how do I find out the current setting for the
number of hours that's currently in effect?

3) Can I set different timings, say for mails to a mailbox that's full it takes
2 days, while for invalid email addresses/domains it takes 1 hour?

Thanks
Roger

mails delivered to procmail were removed ; SASL support not compiled

Bear with me; I'm a newbie struggling to get a newly set up postfix
server to receive mails on a Unix account (roger8 is the account that
I've useradd'ed).

1. Firstly, is ISPconfig necessary on a postfix server, or can I still get
a basic postfix set up without it? If it's essential, where can I
download its RPM (for Red Hat)?

2. Is there anything wrong with my aliases file below? I've run 'newaliases'
to generate aliases.db and restarted postfix.

3.